Vendor CVEs
1panel Dev
All CVEs
55 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-37916 | 0.00 | — | 0.01 | Jul 21, 2023 | KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in… | |||
| CVE-2023-37917 | 0.00 | — | 0.01 | Jul 21, 2023 | KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the `isadmin` value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version… | |||
| CVE-2023-37477 | 0.00 | — | 0.05 | Jul 18, 2023 | 1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP… | |||
| CVE-2023-36457 | 0.00 | — | 0.02 | Jul 5, 2023 | 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6. | |||
| CVE-2023-36458 | 0.00 | — | 0.02 | Jul 5, 2023 | 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payloads to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6. |
- CVE-2023-37916Jul 21, 2023risk 0.00cvss —epss 0.01
KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in…
- CVE-2023-37917Jul 21, 2023risk 0.00cvss —epss 0.01
KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the `isadmin` value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version…
- CVE-2023-37477Jul 18, 2023risk 0.00cvss —epss 0.05
1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP…
- CVE-2023-36457Jul 5, 2023risk 0.00cvss —epss 0.02
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6.
- CVE-2023-36458Jul 5, 2023risk 0.00cvss —epss 0.02
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payloads to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6.
Page 2 of 2